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Customer's landscape is changing 


Bahrain Institute of Public Administration 

has moved their Learning Management 

System to AWS, reducing cost by 90% 

Bahrain IGA is taking a cloud first policy BI 
migrating 700 servers with more than 50 aalcJlojlaysl aaaca 
TB data to AWS Institute of E Administration 
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The New IT — 
Hybrid, Multi-Cloud Deployment 


E: 


ON-PREMISE* PUBLIC CLOUD 
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Shared Security Responsibility Model 


You 


are responsible for securing your 
data and workloads 


Customer Cloud Provider 


Varies by layers 


Image from Microsoft Azure Shared Security Responsibility © Qualys. 


Components of Cloud Security 


laaS PaaS SaaS** 


AWS EC2 Cloud Databases* - Google Suite 
= Azure Virtual Machines AWS RDS, Azure SQL Server, 0365, Slack, GitHub, 
О Google Cloud Compute Google SQL DB SalesForce 
А Engines Elastic Bean Stalk, EMR, 
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Components of Cloud Security 
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laaS PaaS SaaS 


AWS EC2 Cloud Databases* - Google Suite 
Azure Virtual Machines AWS RDS, Azure SQL Server, Google 0365, Slack, GitHub, SalesForce 
Google Cloud Compute Engines SQL DB 
Elastic Bean Stalk, EMR, 
Containers 
VULNERABILITY MGMT., 
POLICY COMPLIANCE, POLICY COMPLIANCE, PCI, SAAS SECURITY** 
THREAT PROTECTION, PATCH APPLICATION SCANNING & 
MGMT, FIM, IOC, APPLICATION FIREWALL, CONTAINER 
SCANNING & FIREWALL SECURITY 
Infrastructure 


IAM, VPC, S3, Storage Blobs, RDS, ACLs, Security Groups 


CLOUD INVENTORY 
CLOUD SECURITY ASSESSMENT 


i ORACLE 
aws /А Azure © ER СЭ Ababa Cloud  GOUD ЕЕЕ SOFTLAYZR 


an IBM Company 


* PaaS - Cloud Database Scanning — Roadmap ‘19 
** SaaS — Qualys acquired Adya.io Feb'19. Security for GSuite, Slack, O365,.. 
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Qualys Sensors for Public Clouds 
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Remote scan across Continuous Security Sync. cloud Perimeter scan for Actively defend 
your networks — View and platform for instances edge facing intrusions and secure 
hosts and additional security And its metadata Instances/Host and applications 
applications solutions URLs 
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Dashboard Assets Templates Connectors 


AWS ЕС2 WORKLOAD SECURITY - Overview ~ 


Cloud Inventory & "=" w 


С) RUNNING INSTANCES BY REGIONE 
PUBLIC INSTANCES PRIVATE INSTANCES 


Security Posture o тэк Qi 


D a © h b O a r d = RUNNING INSTANCES BY ACCOUNT (7) INSTANCE DISTRIBUTION BY OPERATING EY ЕТЕМ (7) INITANCE DIETRIBUTION BY TYPE 
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2 VULNERABLE INSTANCES 
Inventory 
21 


Identify your security coverage 


- QUALYE ЗСАММЕЯ 8 BY REGION 
PUBLIC INSTANCES NOT SCANNED IN PRIVATE INSTANCES NOT SCANNED IN 
Е Gout LAST 7 DAYS LAST 7 DAYS 


309 1.94K 


View Security posture 


CLOUD AGENTS INSTANCES OUTSIDE AWS ACCEPTABLE INSTANCES OUT SIDE AWS ACCEPTABLE 
SCAN POLICY SCAN POLICY WITHOUT AGENT 


4 640 640 
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Cloud Workload Security ` 


Securing Cloud Workloads 


Hardening and Standardizing 
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VULNERABILITY POLICY APPLICATION 

MANAGEMENT COMPLIANCE SECURITY 

e Vulnerability Management e Policy Compliance (incl. * Web Application Scanning 
(Internal & Perimeter) 7 (WebApps and REST APIs) 


* Threat Protection 
* Indicators of Compromise 
* Patch Management* 


* File Integrity Monitoring * Web Application Firewall 


© Qualys. 


Vulnerability Mgmt. for Cloud 
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Vulnerability Management DASHBOAR SEARCH ANS REPOR REMEDIATION 


KNOWLEDGEBAS SERS Trupti Babar (quays.1b) 


Vulnerability Management DASHBOARD SEARCH SCANS REPORTS REMEDIATION ASSETS KNOWLEDGEBASE USERS Trupti Babar (quays.tb) 


Vulnerability Management ` 


Welcome to VM Dashboard BETA. Here you can customize your vulnerability posture view. Go Back to the Classic Ul Don't ask again 


Vulnerability 


s EI 23 ме 


Total Vulnerabilities 
ACTIVE Last Refreshed 10 Minutes Ago БЕ REOPENED Display Asset Vulnerability Group Ву:.. v 1-23 of 23 


vulnerabilities. severity: 57 


operat ingSystem: windows 


SEVERITY 91041 Microsoft Windows HTTP.sys Remote Code Execu.. GEEN Apr 05, 2018 Mar 17 COM2K12R2-DCS... 
5 23 5241 
CATEGORY 91345 Microsoft SMB Server Remote Code Execution Vul. ШИШИ Apr 05, 2018 Mar 17, 2018 COM2K12R2-DCS... 
75241 
Windows 2 
Security Policy 2 91345 Microsoft SMB Server Remote Code Execution Уш... Mmmm Apr 05,2018 Oct 12,2017 2k8r2-u-10-11 
OPERATING SYSTEM 90783 Microsoft Windows Remote Desktop Protocol Re.. ШШШШШ Apr 05, 2018 Oct 12, 2017 2k8r2-u-10-11 
Windows 2003 S. 10 5233 
Windows 2008 R. 3 
LARUM > 91041 Microsoft Windows HTTP.sys Remote Code Execu.. ШЕНЫШ Apr 05, 2018 Oct 12,2017 2k8r2-u-10-11 
Windows XP Ser. 2 se 
Windows 2008 R 2 91345 Microsoft SMB Server Remote Code Execution Vul.. ШЕНЫШ Apr 05, 2018 Mar 17,2018 ех20105р1-10-46... 
VULNERABILITIES BY SEVERITY VULNERABILITIES BY TYPE amore 1157648 
8 Confirmed: 227 90726 Microsoft Windows DNS Server Remote Code Exe.. =i "itt Apr 05,2018 Mar 17,2018 ех20105р1-10-46... 
m Potential: 222 57641 
91345 Microsoft SMB Server Remote Code Execution Vul. ШЕШЕН Apr 05, 2018 Mar 17,2018 exch2010-10-66u... 
56648 
123 
90783 Microsoft Windows Remote Desktop Protocol Не. I Apr 05, 2018 Mar 17,2018 exch2010-10-66u... 
1156648 
43 РА 91345 Microsoft SMB Server Remote Code Execution Уш... mmuum Apr 0S, 2018 Oct 12,2017 com2k12de.comp... 
20 775 
oa m ш 
2 90702 Microsoft Windows GDI+ Remote Code Execution … mmm Oct 12, 2017 Oct 12,2017 Iwin2003hp1 
90551 Microsoft Windows GDI+ Remote Code Execution .. mamm Oct 12, 2017 Oct 12,2017 Iwin2003hp1 
TOP 10 VULNERABILITIES MOST VULNERABLE HOSTS 90454 Microsoft Windows GDI+ Remote Code Execution … = Oct 12,2017 0ct 12,2017 Iwin2003hp1 
91129 Microsoft Windows 2003 Group Policy Remote Co.. == Oct 12,2017 Oet 12,2017 Iwin2003hp1 
SSL/TLS use of weak RC4 cipher 13 МАСМІМРАСА7ОВ 97 өрекет 
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Vulnerability Management v 


Vu | n e ra bi | ity Dashboard Scans Reports Remediation 
© се Scans Maps Schedules 
М О mt. " Exte rna | / New у || еасһ| [Fits у |< My Scans | Auto selects Public 
ө Title Scan Instances. 
Perimeter oa " 


Balancer's DNS 


Workloads., your pubic 


Host > 
facing cloud environment 


Launch Cloud Perimeter Scan 


s: On] Off Launch Help 


Step 3 of 6 Target Hosts 


o Scan Details Filter by Specific Tags 


Include hosts that have | Any |“ of the tags below 
o Target Connector 


Runs remote check vulnerabilities like 
password brute force, port checks... 


9 Target Hosts (Optional) 
Optiona 


4 Scheduling 


Add DNS List (For intenet facing ELBs) 


Remove Selected Remove АП | 


ontinue 


Comprehensive Compliance Management 
& File Integrity Monitoring 


FISMA Qu 


NIST ` 


Notional Institute of 0 . | 
Standards ond Technology "ч n jn 


U$. Dopartnent of Commerce 
hania eanan item As 


NERC 


NORTH AMERICAN ELECTAIC 
RELIABILITY CORPORATION 


Security 
Benchmarks” 
"| de еш: 
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File Integrity Monitoring JASHBOARD EVENTS NFIGURATION Richard Witte (quays. rw2) 


Events 


Last30Days Y 


621K 


Total Events 
1850 205ер 225 245ер 265ер zoet 400 б got 00d 1204 40d 1604 1804 
EVENT ACTION 1-50 of 620708 
Attributes 243K 
4 TIME TARGET EVENT ACTOR HOST SEVERITY 
Create 127K 
4 days ago SDIAG_66245584-ccb3-44bf-a057-994e95ec... Delete taskhostexe 5121-8164 п |] 
Content 125K 5:31:40 AM Device\HarddiskVolume2\Windows\Temp\SDIAG_66 5121-0816. _ fe80:0:0:0:1410:1 
3 more = 
"ua 4 days ago Ш result Delete taskhostexe 5121-98164 тишти 
5:31:40 AM \Device\HarddiskVolume2\Windows\Temp\SD! 512120816 — fe80:0:0:0:1410-1 
PROFILE 
AT.FIM 468K 4 days ago m en-US Delete taskhostexe 5121-8164 DARAH 
5:31:40 AM \Device\HarddiskVolume2\Windows\Temp\SDIAG_66 8121-У/816. fe80:0:0:0:1410:1 
AT2.FIM 139K = 
4 days ago Em result Create taskhostexe 5121-08164 1117) 
Windows Profile - 7.15К 5:31:13 АМ Device\Ha skVolume2\Windows\Temp\SDIAG_66. 5121-М/816. fe80:0: 1 
v 3mos 4 days ago ш enus Create taskhostexe 5121-08164 1111) 
5:31:13 AM Device\HarddiskVolume2\Windows\Temp\SDIAG.66. 5121-0816. fe80:0:0:0:1410:1 
CATEGORY 
c pP 4 days ago Em — SDIAG_66245584-ccb3-44bf-a057-994e95ec... Create taskhostexe  $121-W8164 EEEN 
5:31:13 AM \Device\HarddiskVolume2\Windows\Temp\SDIAG_66 5121-0816. fe80:0:0:01410:1 
Test to be deleted 139K = 
6 days ago Е] SCHEMA.DAT(BcBfd 1eb-c693-11dc-8424-fcc... Delete NT AUTHOR. WIN-JUFEPVCYYLI ШЕШ 
3:15:56 AM Device\Harddisk Volume” \Windows\Systern32\SM 1e80:0:0:0:41ad:c. 
USER r 
6 days ago Е] SCHEMA.DAT{8c8fd1eb-c693-11dc-8424-fcc... Delete NTAUTHOR.. WIN-JUFEPVCYYL1 ШЕШ 
5105 М5ТАЅР232. 468К 3:15:56 АМ Device\HarddiskVolume1\Windows\System32\SM {¢80:0:0:0:41adc 
NT AUTHORITY\SY. 138K 6 days ago E) SYSTEM Attributes — NTAUTHOR. WIN-JUFEPVCYYL1 ШЕШ 
3:15:56 AM Device\HarddiskVolume1\Windows\System32\confi 0:0:0:0:41ad:c. 
NT AUTHORITY. 8.83K 
6 more 6 days ago E) SCHEMA.DAT(8c8fd1eb-c693-11dc-8424-fcc... Delete NT AUTHOR. WIN-JUFEPVCYYL1 ШЕШ 
3:15:56 AM Device\HarddiskVolume1 \Windows\Systen M! fe80:0:0:0:41ad:c. 
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Moving Toward 
the Future of 


Security, Continuous Secure 


Development and Deployment 


Static Code Analysis 


Comprehensive 
evaluation 

at an early stage 
(DevOps) 


SECURITY 


Qualys 


Securing 
Public Clouds 
Using Qualys 


Customer Case Studies 


Capital One 


Reduced application 
releases from 2 weeks to 
24 hrs by automating 
security with Qualys in to 


DevOps 
A SOFTWARE A BEVERAG 
MAKER MNC 
Enabling DevOps with 


“Just in time” security 
automated agent 


approvals with end to 

End integration of Qualys | 
deployment via Azure 

Security Center 


Scan and Reports with 
Service Now, 


Capital One 
Before: Lack of Security Automation Delays 
Release 


w wa wa wa 
„== =, 


©  ,/<слм/вЕРОВТ 


Two weeks until the Image (AMI) is certified for production 


Capital 
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Capital One 


Capital One 


After: Introducing Security at the Source 
Qualys Security into Gold Images and AMI 


OS GOLD IMAGE QUALYS ASSESS — APPROVE and 
an b ON DEV b b PUBLISH 
AMAZON MACHINE IMAGE IÑSFANCES INSTANCES CI/CD PIPELINE 


Qualys 
© Agent 
1 
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Live Instances 


Bakery process happens within 24 Hrs 
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Cloud Workload Security with Qualys 


© Search 


Cloud Apps 


осоо 
ococ 
cooo 
coc 


i ORACLE 


Google Cloud Platform 


* PaaS - Cloud Database Scanning – Roadmap 2H "19 
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Cloud Infrastructure S bb 


4% Australian Insurance Company 


Visibility of deployments stop misuse of 
keys | 


AWS sent a notice of compromised keys attempting to Largest provider of Auto and 


š б Agriculture insurance 
A “create multiple accounts in EU x 
INDUSTRY: Insurance 


Use Case 
Identify the resources in EU region, find the Amazon S3 buckets which aN i 
are open to public and have the keys stored CLOUD: 
Primary Cloud - AWS 
; Secondary Cloud- Azure 
Requirement | DEPI OYMENT REGION: 
e Identify where the deployments are located AAA 
e Identify Amazon 53 buckets that are public and fix it | SERVICES USED: 
| | EC2, S3, RDS, EMR, Cloud 
* Ensure best practices are followed by IAM users of the account Front 
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Qualys Cloud 
Inventory and 
Security 


Assessments 
Unparalleled Visibility and 
Continuous Security 
Monitoring across public cloud 
infrastructure 


aws 


Use Case #1 
Visibility into 
your public clouds 


View into 
“ Resource Distribution by Type 
* Resources by Region 


Personalize and add custom widgets 


CloudView TRIAL 


DASHBOARD RESOURCES MONITOR POLICIES CONFIGURATION 


Last 30 Days Y 


RESOURCE DISTRIBUTION BY TYPE 


SECURITY POSTURE BY REGIONS 


en 


TOP 5 ACCOUNTS BY FAILED CONTROLS 


383031258652 


FAILURES BY CONTROL CRITICALITY 


Total Fa 
348 
п 226 
| в 122 
All Regions 
Total Resources [| 
T 402 TEN 
Es SR SpE Ss 
. 
17 
% Total Failure: 
: 348 mo 226 С 
° m u 122 
0 
< 
TOP 5 FAILED CONTROLS 
21 Е 


Use Case #2 


5 Identify Lea 
S3 buckets 


Misconfigured S3 Buckets are 
vulnerable for data leaks 


Check the S3 Bucket Access 
Permissions Regularly 
e Review Access Control List 
° Check Bucket Policy 


9 Qualys. Enterprise 


CloudView DASHBOARD RESOURCES MONITOR POLICIES CONFIGURATION 


Агпағхоп Мер Ѕегуісеѕ м List View 


resource. type:"S3 Bucket" апа s3.isPubliclyAccessible:true 


26 


Total S3 Buckets * 
0 18th Oct 22nd Oct 
service.type:"S3" 
EVALUATIONS SECURITY POSTURE FAILURES BY CRITICALITY 


312 169 143 143 0 0 


Total Evaluations Pass Fail High Medium Low 
1-4of 4 
45 S3 Bucket Access Control List Grant Access to Everyone or Authenticate... ШШШ S3 62 16 
Policy : AWS Best Practices Policy герара 
46 Ensure 53 Bucket Policy does not allows anonymous access EEE 53 64 14 
Policy : AWS Best Practices Policy peer xm 
47 Ensure access logging is enabled for S3 buckets EER $3 19 59 
Policy : AWS Best Practices Policy лата 
48 Ensure versioning is enabled for 53 buckets EER $3 24 54 


Policy : AWS Best Practices Policy Total Resources: 78 


Use Case #3 


D t t C i 
IA М U CloudView DASHBOARD RESOURCES MONITOR POLICIES CONFIGURATION Hari Srinivasan ( 
se Í S Amazon Web Services v 


| service. type: "IAM" 


2 1 EVALUATIONS SECURITY POSTURE FAILURES BY CRITICALITY 
Total Controls Evaluated 6 6 1 2 5 1 41 0 2 5 6 1 54 
Total Evaluations Pass Fail High Medium 


Check for: 
% Configure Strong Password Policy for peta 75 


FAIL 20 


Account PASS 


1 Ensure p factor ee (MFA) is oo for all IAM users that.. ШШШ IAM 7 

* Enforce MFA for Console Users ze ШЕ | Poley: CIS Amazon Web Services Fo = 
457721770691 2 sure console credentials unused for s or greater are =s IAM 12 

° Rotate IAM Access Keys Every 90 Days мао S | == ee slates те 

* Removed Unnecessary Credentials сокто cam |} Ensure scosse keys umusad for 90 days or roster are disabled = w n 
EEE IAM 48 


ы Audit Process purus : 4 Буш эн 20 cue Ce 


* Create separate user for console & API access == 
( Segregation of duty) 


° Track password age 
° Deactivate unused keys 


Australian Insurance Company 


Visibility of deployments stop misuse of 
keys | 


AWS sent a notice of compromised keys attempting to Largest provider of Auto and * 


cr t ti . A * It К 
А еа е mul iple accounts In EU gn re insurance 


* |dentify where the deployments are located REGION: Australia 
* Identify S3 buckets that are public and fix it | 
CLOUD: 
* Ensure best practices are followed by IAM users of the account Primary Cloud - AWS 
Secondary Cloud- Azure 
Solution DEPLOYMENT REGION: 
With Qualys Cloud Inventory and Assessment Australia 
dan au Kio i 
Gain visibility into the global deployments | г SERVICES USED: 
Y Identify S3 buckets that are public and required fixing EC2, S3, RDS, EMR, Cloud 


Front 


Y Identify the IAM users and their security posture 
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CloudView 


A FREE inventory and monitoring 
service for your public clouds 


* FREE version is for Cloud Inventory, defaults to 3 
accounts per cloud, can be extended further 
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Correlate with 
Vulnerability 
Data 


Identify vulnerable 
instances associated with 
the security groups 


Reduce effort to pull info 
to SIEM for correlation 


© Qualys. enterprise 
< Resource Details: sg-08e84245777aa2a62 


Associations 


Summary 
Rules 
Associations 
Tags 


Controls Evaluated 


Instances 


i-0b0c3f79a6df4ac05 
AJMdkrh03 


i-056756d302b6dbddb 
AJMdkrh02 


i-04b5914b57a4f0055 
М/іп2016. Test. SMN 


i-09f0a433571db4e0d 
ssm-Windows2008R2 


1-074f89785daa759ad 
Ubuntu-Test-SMN 


|-0b49e28d2d963c228 
srv2_grp1 


1-0f40566c694a67ffb 
AJMdkrh01 


ELB 


N. Virginia 


N. Virginia 


N. Virginia 


N. Virginia 


N. Virginia 


N. Virginia 


N. Virginia 


Reference Security Groups 


Nov 28,2018 


Nov 28,2018 


Nov 28, 2018 


Nov 28, 2018 


Nov 28, 2018 


Nov 28, 2018 


Nov 28, 2018 


running 


running 


running 


running 


running 


running 


running 


1 
d 
1 
— 
14 

— —— uama 
0 
0 
0 
1 
Т 


1-12 0# 12 


Coming Jan’19 


Cloud Infrastructure Reports 


Qualys. Enterprise 
Generate reports for CIS © 
CloudView » DASHBOARD RESOURCES MONITOR REPORTS CONFIGURATIONS Dave Jones (qyays_dj) ¥ 


Benchmarks, mandates like | 
PCI, HIPAA, 15027001, NIST O 
800-53... à 


2 e Actions v 
Configure for specific CHAM 


REPORT TITLE 
PCI Report for MyAWS Storefront 


accounts, and regions POI Report for MIAT ак 


Report Info 


Created date: 05/23/2018 at 00:09:52 Company: Qualys 
RuN NOW Created inivasan Address: $01 The Metropolitan 
Us d Wakdewadi 
CIS Report for MyAws ШЕЙ ma mee Pune. Maharastra 411005 
Schedule reports for dail ы 
р у, Report Settings 
weekl or month | Policies: CIS Amazon Web Services Foundations Benchmark 
Asset Selection: All Assets in Policy 
Template: Payment Card Industry Data Security Standard (PC! - DSS) v3.2 
Report Summary 
Mandates: Requirements: PCI-DSS 
1 12 96.6% 
Connector Name: Account ID: Controls: Total Evaluations: Policies: 
MyAWS Storefront (383031258652) 44 294 1 


Coming May. 2019 


Cloud Security 
М a n al g e n e n t < Control Evaluation: Ensure console credentials unused for 90 days ог... 


" А CID-2 Ensure console credentials unused for 90 days ог greater are disabled 
Automated remedial actions 


© Qualys. express 


Policy CIS Amazon Web Services Foundations Benchmark v1.2.0 - 05-23-2018 Platform AWS 
to р ГО t e ct d О а | n st rl S ks Evaluation Check IAM Users having console password and have not used credentials for 90 days or more. Service IAM 
Remediation View Steps Criticality: ШШ 
Q 
End to End flow: Setup On- 
demand or automated E 
remediation to fix control 383031258652 18 minutes ago шлш 
{а | | u res arn:aws:iam::383031258652:user/smcvtest 
ajoshi@qualys.com 383031258652 18 minutes ago 
arn:aws:iam::383031258652:user/ajoshi@qualys 
Scope it by accou nt, controls, 2 Mansi es ee 383031258652 18 minutes ago иш 


tags, 


Coming Q3 2019 
© Qualys. 
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Cloud SaaS Se uri 


SaaS Security (SSC) 


Adya.io now part of Qualys 


Manage and Secure your SaaS Applications 


6 


COST CUTTING 


Yo 
& 


ADMINISTER 


Critical SaaS apps Exposure of Data For Compliance On unused Licenses 


Г] Office 365 G xx (®) 
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SaaS Security and Compliance 


Features 


ADMINISTRATION SECURITY & COMPLIANCE LICENCE MANAGEMENT REPORT & AUDIT 


* Activity logs by user / 


Add /remove users External / internal data * Central visibility into 
from groups exposure SaaS licenses EJ ERI» 

°  Add/ remove users * One click exposure fix * See underutilized * Access reports for 
from channels e List / fix dangerous licenses files / folder 

* Role based access apps * Understand total cost / mou i 
control * Alert on exposure / savings scheduled reports 

°  onboarding / dangerous apps - Future spend analysis * Pre-built / scheduled 


offboarding workflows reports 
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О Qualys Dashboard Users 


10 users 


HEE Pudiicly discoverable NN Shared pubiic link 
BE Shared with users outside company ШЕШШ Shared ac 


ег Support and Success 


DevOps and IT 


Product and Design 


Productivity and Opera 


Marketing 


ised 


Documents Apps 


Policies Reports 


22 GROUPS 


External users with most access 


neetika@accelero-corp.com 142 
deepakbalakrishna@gmail.com 34 
dbalakrishna@qualys.com 22 
nasar@qualys.com 21 
sthakar@qualys.com 21 


Developer | 


0 200 


400 600 800 1000 1200 


ШШЩЩ Annual Cost/Category 


1580.4 $ In Total Annual Cost 


20022 files 


Users with most exposed documents 
deepak@adya.io 
scm@adya.io 


rashmi.singh@adya.io 


Testing (testuser@adya.io) 


1350 FOLDERS 


335 


MA. 


ШЕШ pc! БЫНЫ document БОЛЫ folder ҰҒЫН xm! NN mp4 


EN Others 


ШШШ High Risk БЕРЕ Medium Risk ШЕШЕН Low Risk 
© Qualys. 


Qualys Cloud Security - Comprehensive 
Coverage 


AWS A Azure 9 _“\ Alibaba Cloud ORACLE SOFTLAY=R 
wee) Google Cloud Platform aliyun.com ЕЕЕ. an IBM Company 


CLOUD 


Infrastructure 


* PaaS — Cloud Database Scanning - Roadmap ‘19 © Qualys. 
* SaaS — Qualys acquired Adya.io Feb’19. Security for GSuite, Slack, 0365... 


